fal-ai-image

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL (DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [Data Exfiltration] (CRITICAL): The scripts/upload.sh script is designed to read local files and transmit their binary content to an external storage service (fal.ai). This capability, when exposed to an AI agent, creates a critical risk where sensitive files such as ~/.ssh/id_rsa, ~/.aws/credentials, or .env files can be exfiltrated through indirect prompt injection.
  • [Prompt Injection] (HIGH): The skill handles user prompts as direct inputs to shell scripts that execute network requests and write to the local file system. The absence of boundary markers or input sanitization allows an adversary to manipulate the agent's behavior and exploit the skill's capabilities for malicious purposes.
  • [External Downloads] (MEDIUM): The scripts/generate.sh and scripts/edit.sh tools download files from the internet using curl -o based on URLs provided by a third-party API. The lack of validation for the source or integrity of these downloads presents a risk if the external service is compromised or if the download path is manipulated.
  • [Command Execution] (MEDIUM): The --output-dir argument is used directly in mkdir -p and as a target for file writes. Without strict validation, this allows for the creation of directories and placement of files in arbitrary locations on the host system, which could lead to resource exhaustion or unauthorized file organization.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 12:41 AM